We've had several people call about spam redirects on our website in the past couple of weeks. And we've already had three in the past hour. I submitted a ticket to TownNews and they said it isn't coming from our website. They said it comes from insecure websites and apps.

I think it's coming from Outbrain. When I load a story page with Outbrain enabled the page doesn't load securely on my phone and I get redirects. I disabled Outbrain and the pages then load securely. I also stopped getting the spam redirects.

So I decided to turn Outbrain back on. The page stopped loading securely and I started getting the redirects. Turned it off again, no redirects.

If this isn't originating from our website why does disabling Outbrain stop the redirects? And if this isn't originating from our website why do we have a noticeable influx of complaints?

I want to set the record straight on this in case someone has similar problems in the future and reads this. Our problem wasn't Outbrain. We had rogue code that was inserted into head of the page. I'm still not sure how it got there as TownNews didn't insert it and we sure didn't. Once I removed that code the problem stopped.

I'm pretty sure mine came from an ad that was on our page but wasn't supposed to be there. It had the text "Insticator" on it. I'd never heard that so I searched our source code and found specific ad code. It was right before the <head> closed. When I deleted that the Insticator ad went away and the redirects stopped. What's your website?

The code was right before the closing head tag. It was in the templates FLEX>Components>_Site>macros>option.head.utl. It loaded a script from cloudfront.net. There are other instances of scripts from cloudfront.net but I think it's actually a legitimate host. But the code from this Insticator company was bogus.

I just wanted to post something really quickly to update you that we have been investigating the details on this and found that the Insticator code was part of a beta test through our paid recommendations program. It has been disabled as we look at whether or not it was involved and so forth. I will have more info in the morning!

As I said in my previous post, we investigated this issue and found that the "Insticator" code was part of a beta test for the paid recommendations program and was implemented on a handful of sites. This code has been removed from these sites for now, while we ask the vendor to look into the issue and while we perform some further investigating ourselves. We actually do not have any confirmation that there was a bad ad on their network, nonetheless they have blocked the URL in question.

Also, prior to placing this code on these beta sites, someone at the site, usually on the advertising side, was notified and provided permission to move forward with the test.

Viruses, malware, and "bad ads" that cause mobile redirects and other situations are rare, but they can unfortunately happen and are usually very hard to track down.

We are also looking into other techniques and technologies that may be useful to help reduce these types of issues.

If you see this happening in the future, and you can reproduce it, please submit a ticket to our Customer Support staff with the URL of the page where it happened, the resulting landing page URL and any information you have about the ad (such as a screenshot, HTML source code, etc.) and we will see if we can reproduce it locally. If we are able to determine further where the redirect source might be, we can notify our partners of the URL so the issue can be addressed.

I haven't had the popups appear personally since yesterday afternoon, but I have to stress this hasn't been rare. It has been frequent in the past two weeks. We've had dozens of complaints from readers and could go around the newsroom and have it happen on 3 of 3 devices at any given time. I've forwarded examples to TN support and can do so again.

We switched to Facebook Instant to avoid issues there. I'm going to try to let posts run without Instant Article today and see what kind of response we get from readers. Thanks!

So far, all of the ads we have seen have been on iOS for us. One of them have included potential malware (no idea if it would work on iOS, AV caught it first). This needs looked into with haste please!